
Make the json template filter-driven.

Tim Bielawa 8 years ago
parent
commit
9075e50ca0

+ 88 - 0
roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py

@@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# vim: expandtab:tabstop=4:shiftwidth=4
+"""
+Custom filters for use in openshift-ansible
+"""
+
+from ansible import errors
+from collections import Mapping
+from distutils.util import strtobool
+from distutils.version import LooseVersion
+from operator import itemgetter
+import OpenSSL.crypto
+import os
+import pdb
+import pkg_resources
+import re
+import json
+import yaml
+from ansible.parsing.yaml.dumper import AnsibleDumper
+from urlparse import urlparse
+
+try:
+    # ansible-2.2
+    # ansible.utils.unicode.to_unicode is deprecated in ansible-2.2,
+    # ansible.module_utils._text.to_text should be used instead.
+    from ansible.module_utils._text import to_text
+except ImportError:
+    # ansible-2.1
+    from ansible.utils.unicode import to_unicode as to_text
+
+# Disabling too-many-public-methods, since filter methods are necessarily
+# public
+# pylint: disable=too-many-public-methods
+class FilterModule(object):
+    """ Custom ansible filters """
+
+    @staticmethod
+    def oo_cert_expiry_results_to_json(hostvars, play_hosts):
+        """Takes results (`hostvars`) from the openshift_cert_expiry role
+check and serializes them into proper machine-readable JSON
+output. This filter parameter **MUST** be the playbook `hostvars`
+variable. The `play_hosts` parameter is so we know what to loop over
+when we're extrating the values.
+
+Returns:
+
+Results are collected into two top-level keys under the `json_results`
+dict:
+
+* `json_results.data` [dict] - Each individual host check result, keys are hostnames
+* `json_results.summary` [dict] - Summary of number of `warning` and `expired`
+certificates
+
+Example playbook usage:
+
+  - name: Generate expiration results JSON
+    become: no
+    run_once: yes
+    delegate_to: localhost
+    when: "{{ openshift_certificate_expiry_save_json_results|bool }}"
+    copy:
+      content: "{{ hostvars|oo_cert_expiry_results_to_json() }}"
+      dest: "{{ openshift_certificate_expiry_json_results_path }}"
+
+        """
+        json_result = {
+            'data': {},
+            'summary': {},
+        }
+
+        for host in play_hosts:
+            json_result['data'][host] = hostvars[host]['check_results']['check_results']
+
+        total_warnings = sum([hostvars[h]['check_results']['summary']['warning'] for h in play_hosts])
+        total_expired = sum([hostvars[h]['check_results']['summary']['expired'] for h in play_hosts])
+
+        json_result['summary']['warning'] = total_warnings
+        json_result['summary']['expired'] = total_expired
+
+        return json_result
+
+
+    def filters(self):
+        """ returns a mapping of filters to methods """
+        return {
+            "oo_cert_expiry_results_to_json": self.oo_cert_expiry_results_to_json,
+        }
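Review bot: None of the names imported at the top of this new file are used by the code that follows; `FilterModule` only indexes `hostvars` and calls `sum`. Each of those imports still runs when Ansible loads the plugin, so a controller without pyOpenSSL, or a Python 3 interpreter (`from urlparse import urlparse`, `from collections import Mapping`), would fail to load the filter for a reason unrelated to what it does, and `import pdb` is a debugging leftover. I would drop the whole import block, including the `to_text` try/except. The docstring example also still shows `hostvars|oo_cert_expiry_results_to_json()` without the required `play_hosts` argument; it should read `hostvars|oo_cert_expiry_results_to_json(play_hosts)`, and `extrating` should be `extracting`.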

+ 8 - 10
roles/openshift_certificate_expiry/library/openshift_cert_expiry.py

@@ -36,7 +36,7 @@ description:
   - C(days_remaining) - The number of days until the certificate expires.
   - C(expiry) - The date the certificate expires on.
   - C(path) - The full path to the certificate on the examined host.
-version_added: "0.0"
+version_added: "1.0"
 options:
   config_base:
     description:
@@ -127,13 +127,6 @@ A 3-tuple of the form: (certificate_common_name, certificate_expiry_date, certif
         OpenSSL.crypto.FILETYPE_PEM, _cert_string)
 
     ######################################################################
-    # Read just the first name from the cert - DISABLED while testing
-    # out the 'get all possible names' function (below)
-    #
-    # Strip the subject down to just the value of the first name
-    # cert_subject = cert_loaded.get_subject().get_components()[0][1]
-
-    ######################################################################
     # Read all possible names from the cert
     cert_subjects = []
     for name, value in cert_loaded.get_subject().get_components():
@@ -227,7 +220,7 @@ Return:
 
 def tabulate_summary(certificates, kubeconfigs, etcd_certs, router_certs, registry_certs):
     """Calculate the summary text for when the module finishes
-running. This includes counds of each classification and what have
+running. This includes counts of each classification and what have
 you.
 
 Params:
@@ -236,6 +229,7 @@ Params:
   dicts with filled in `health` keys for system certificates.
 - `kubeconfigs` - as above for kubeconfigs
 - `etcd_certs` - as above for etcd certs
+
 Return:
 
 - `summary_results` (dict) - Counts of each cert type classification
@@ -290,7 +284,7 @@ an OpenShift Container Platform cluster
         supports_check_mode=True,
     )
 
-    # Basic scaffolding for OpenShift spcific certs
+    # Basic scaffolding for OpenShift specific certs
     openshift_base_config_path = module.params['config_base']
     openshift_master_config_path = os.path.normpath(
         os.path.join(openshift_base_config_path, "master/master-config.yaml")
@@ -317,6 +311,10 @@ an OpenShift Container Platform cluster
             )
         )
 
+    # Validate some paths we have the ability to do ahead of time
+    openshift_cert_check_paths = filter_paths(openshift_cert_check_paths)
+    kubeconfig_paths = filter_paths(kubeconfig_paths)
+
     # etcd, where do you hide your certs? Used when parsing etcd.conf
     etcd_cert_params = [
         "ETCD_CA_FILE",
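Review bot: The new comment above the two `filter_paths` calls does not say what happens to a path that fails validation, and `filter_paths` itself is defined outside this hunk. If it discards paths that are missing on the host, a certificate that should exist but does not would be absent from the report instead of flagged, which matters for an expiry audit. I would word the comment to say so, e.g. `# Keep only the paths filter_paths() accepts; rejected paths are dropped here and do not appear in the results`, and consider recording the dropped paths in the module output. The enclosing function starts and ends outside the hunk.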

+ 1 - 0
roles/openshift_certificate_expiry/meta/main.yml

@@ -5,6 +5,7 @@ galaxy_info:
   company: Red Hat, Inc.
   license: Apache License, Version 2.0
   min_ansible_version: 2.1
+  version: 1.0
   platforms:
   - name: EL
     versions:

+ 6 - 1
roles/openshift_certificate_expiry/tasks/main.yml

@@ -15,7 +15,12 @@
   delegate_to: localhost
   when: "{{ openshift_certificate_expiry_generate_html_report|bool }}"
 
-- name: Generate expiration results JSON
+- name: Generate the result JSON string
+  run_once: yes
+  set_fact: json_result_string="{{ hostvars|oo_cert_expiry_results_to_json(play_hosts) }}"
+  when: "{{ openshift_certificate_expiry_save_json_results|bool }}"
+
+- name: Generate results JSON file
   become: no
   run_once: yes
   template:
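Review bot: The added `set_fact` uses the inline `key=value` form, so the dict returned by the filter passes through argument-string parsing before it is stored; whether `json_result_string` ends up a dict or its string rendering then likely depends on Ansible's template re-evaluation. The mapping form avoids that: `set_fact:` followed by `json_result_string: "{{ hostvars|oo_cert_expiry_results_to_json(play_hosts) }}"`. The one-line `save_json_results.j2` later in this commit feeds the same variable to `to_nice_json`, which only produces the intended object if the value is still a dict, so a name such as `json_results` would also describe it better. The `Generate results JSON file` task continues outside the hunk; if it is not guarded by the same `when`, it will reference an undefined fact whenever JSON saving is disabled.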

+ 1 - 1
roles/openshift_certificate_expiry/templates/cert-expiry-table.html.j2

@@ -64,7 +64,7 @@
       </p>
       <ul>
         <li><b>Expirations checked at:</b> {{ hostvars[host].check_results.check_results.meta.checked_at_time }}</li>
-        <li><b>Warn after date:</b> {{ hostvars[host].check_results.check_results.meta.warn_after_date }}</li>
+        <li><b>Warn after date:</b> {{ hostvars[host].check_results.check_results.meta.warn_before_date }}</li>
       </ul>
 
       <table border="1" width="100%">
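Review bot: The label on the changed line still reads `Warn after date:` while the value now comes from `meta.warn_before_date`, so the report names the field differently from the data it shows. If the key name reflects the meaning (presumably certificates expiring before that date are flagged), the label should follow it: `<b>Warn before date:</b>`.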

+ 1 - 20
roles/openshift_certificate_expiry/templates/save_json_results.j2

@@ -1,20 +1 @@
-{
-  "data": {
-{% for host in play_hosts %}
-{# Pretty print the check results for each host #}
-    "{{host}}": {{ hostvars[host].check_results.check_results | to_nice_json(indent=6) }}{% if not loop.last %},
-{% else %}
-
-{% endif %}
-{% endfor %}
-  },
-{# extract the nested warning/expired value from the hostvars object
-using items in the playhosts list as a map. Wrap those results up into
-a list and then add them all together #}
-{%- set warned = play_hosts|map('extract', hostvars, ['check_results', 'summary', 'warning'])|list|sum %}
-{%- set expired = play_hosts|map('extract', hostvars, ['check_results', 'summary', 'expired'])|list|sum %}
-  "summary": {
-    "warning": {{ warned }},
-    "expired": {{ expired }}
-  }
-}
+{{ json_result_string | to_nice_json(indent=2)}}